package com.ysd.user.utils;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import com.ysd.common.entity.User;


public class LoginFilterUtil implements Filter {

	
    public LoginFilterUtil() {
    
    }
    
    public void init(FilterConfig config) throws ServletException {

	}

	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		//用户统一权限资源过滤
		
		HttpServletRequest req = (HttpServletRequest) request;
		HttpSession session = req.getSession();
		//获取session域中是否有用户信息
		User user = (User) session.getAttribute("userInfo");
		
		//判断是否有没有就跳转到登录页
		if(user==null && 
		req.getServletPath().indexOf("back/login") < 1 && 
		req.getServletPath().indexOf("back/toLogin") < 1 && 
		req.getServletPath().indexOf("backPage/login.jsp") < 1) {//如果用户没有登录就跳到登录页面，执行
			//给用户提示
			request.setAttribute("msg", "你没有权限访问，请登录！");
			//跳转登录页
			request.getRequestDispatcher("/backPage/login.jsp").forward(request, response);
			return;
		}else{//用户已经登录,执行
			chain.doFilter(request, response);
		}
	}
	public void destroy() {
		
	}

}
